[eluser]riwakawd[/eluser]
[quote author="Tim Brownlaw" date="1398398615"]To answer your question... No, they are not!
They have different names and only the session_id is generated by the system... Token is something you've come up with and need to set / define!
Not sure why you'd be passing the session_id via the URL as a GET! But that's another story!
Quick test. When in doubt - Take a look!
Code:
// Check out the individual session vars I am interested in looking at
echo '<br>';
echo "This is the Session_id ";
echo $this->session->userdata('session_id');
echo '<br>';
echo 'This is the Token';
echo $this->session->userdata('token');
echo '<br>';
//or show the whole lot
var_dump($this->session->all_userdata());
To find the answers to questions like these, you need to be able to see (inspect) what it is you are looking at!
Cheers
Tim
[/quote]
How do you request token in codeigniter like this is it $this->request->get['token']
Code:
if ($this->user->isLogged() && isset($this->request->get['token']) && ($this->request->get['token'] == $this->session->data['token'])) {
$this->response->redirect($this->url->link('common/dashboard', 'token=' . $this->session->userdata['token'] , 'SSL'));
}
if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
$this->session->userdata['token'] = md5(mt_rand());
if (isset($this->request->post['redirect']) && (strpos($this->request->post['redirect'], HTTP_SERVER) === 0 || strpos($this->request->post['redirect'], HTTPS_SERVER) === 0 )) {
$this->response->redirect($this->request->post['redirect'] . '&token;=' . $this->session->userdata['token'] );
} else {
$this->response->redirect($this->url->link('common/dashboard', 'token=' . $this->session->userdata['token'], 'SSL'));
}
}